ipsec_common_input() & splsoftnet()

Sun, 22 Jan 2017 16:45:23 -0800 

This function is only called by udp_input() so at IPL_SOFTNET.  Assert
that and get rid of a recursive splsoftnet()/splx() dance.

ok?

Index: netinet/ipsec_input.c
===================================================================
RCS file: /cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.137
diff -u -p -r1.137 ipsec_input.c
--- netinet/ipsec_input.c       20 Jan 2017 04:22:58 -0000      1.137
+++ netinet/ipsec_input.c       23 Jan 2017 00:43:03 -0000
@@ -123,11 +123,13 @@ ipsec_common_input(struct mbuf *m, int s
        struct ifnet *encif;
        u_int32_t spi;
        u_int16_t cpi;
-       int s, error;
+       int error;
 #ifdef ENCDEBUG
        char buf[INET6_ADDRSTRLEN];
 #endif
 
+       splsoftassert(IPL_SOFTNET);
+
        IPSEC_ISTAT(espstat.esps_input, ahstat.ahs_input,
            ipcompstat.ipcomps_input);
 
@@ -227,11 +229,9 @@ ipsec_common_input(struct mbuf *m, int s
                return EPFNOSUPPORT;
        }
 
-       s = splsoftnet();
        tdbp = gettdb(rtable_l2(m->m_pkthdr.ph_rtableid),
            spi, &dst_address, sproto);
        if (tdbp == NULL) {
-               splx(s);
                DPRINTF(("ipsec_common_input(): could not find SA for "
                    "packet to %s, spi %08x\n",
                    ipsp_address(&dst_address, buf, sizeof(buf)), ntohl(spi)));
@@ -242,7 +242,6 @@ ipsec_common_input(struct mbuf *m, int s
        }
 
        if (tdbp->tdb_flags & TDBF_INVALID) {
-               splx(s);
                DPRINTF(("ipsec_common_input(): attempted to use invalid "
                    "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
                    sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
@@ -253,7 +252,6 @@ ipsec_common_input(struct mbuf *m, int s
        }
 
        if (udpencap && !(tdbp->tdb_flags & TDBF_UDPENCAP)) {
-               splx(s);
                DPRINTF(("ipsec_common_input(): attempted to use non-udpencap "
                    "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
                    sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
@@ -263,7 +261,6 @@ ipsec_common_input(struct mbuf *m, int s
        }
 
        if (!udpencap && (tdbp->tdb_flags & TDBF_UDPENCAP)) {
-               splx(s);
                DPRINTF(("ipsec_common_input(): attempted to use udpencap "
                    "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
                    sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
@@ -273,7 +270,6 @@ ipsec_common_input(struct mbuf *m, int s
        }
 
        if (tdbp->tdb_xform == NULL) {
-               splx(s);
                DPRINTF(("ipsec_common_input(): attempted to use uninitialized "
                    "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
                    sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
@@ -286,7 +282,6 @@ ipsec_common_input(struct mbuf *m, int s
        if (sproto != IPPROTO_IPCOMP) {
                if ((encif = enc_getif(tdbp->tdb_rdomain,
                    tdbp->tdb_tap)) == NULL) {
-                       splx(s);
                        DPRINTF(("ipsec_common_input(): "
                            "no enc%u interface for SA %s/%08x/%u\n",
                            tdbp->tdb_tap, ipsp_address(&dst_address, buf,
@@ -319,7 +314,6 @@ ipsec_common_input(struct mbuf *m, int s
         * everything else.
         */
        error = (*(tdbp->tdb_xform->xf_input))(m, tdbp, skip, protoff);
-       splx(s);
        return error;
 }

Reply via email to